Lucene search
K

4 matches found

OSV
OSV
added 2026/01/07 4:15 p.m.5 views

CVE-2025-66838

In Aris v10.0.23.0.3587512 and before, the file upload functionality does not enforce any rate limiting or throttling, allowing users to upload files at an unrestricted rate. An attacker can exploit this behavior to rapidly upload a large volume of files, potentially leading to resource exhaustio...

6.5CVSS5.8AI score0.00307EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.9 views

PT-2026-1864

Name of the Vulnerable Software and Affected Versions ARIS version 10.0.23.0.3587512 Description A file upload issue exists in ARIS version 10.0.23.0.3587512. Attackers can potentially execute arbitrary code by uploading a specially crafted PDF file containing malware. The vulnerability involves...

6.8CVSS7.3AI score0.00252EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.9 views

PT-2026-1865

Name of the Vulnerable Software and Affected Versions Aris versions prior to 10.0.23.0.3587512 Description The file upload functionality does not implement rate limiting or throttling, enabling unrestricted file uploads. This allows an attacker to upload a large number of files quickly, potential...

6.5CVSS6.8AI score0.00307EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.4 views

Software ARIS 安全漏洞

Software ARIS is a business process analysis tool from Software, Germany. A security vulnerability exists in Software ARIS version 10.0.23.0.3587512, which stems from a flaw in the file upload functionality that could lead to the execution of arbitrary code...

6.8CVSS7AI score0.00252EPSS
Exploits0References3
Rows per page
Query Builder